Essentially Optimal Robust Secret Sharing with Maximal Corruptions

  • Allison Bishop
  • Valerio Pastro
  • Rajmohan Rajaraman
  • Daniel Wichs
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9665)


In a t-out-of-n robust secret sharing scheme, a secret message is shared among n parties who can reconstruct the message by combining their shares. An adversary can adaptively corrupt up to t of the parties, get their shares, and modify them arbitrarily. The scheme should satisfy privacy, meaning that the adversary cannot learn anything about the shared message, and robustness, meaning that the adversary cannot cause the reconstruction procedure to output an incorrect message. Such schemes are only possible in the case of an honest majority, and here we focus on unconditional security in the maximal corruption setting where \(n = 2t+1\).

In this scenario, to share an m-bit message with a reconstruction failure probability of at most \(2^{-k}\), a known lower bound shows that the share size must be at least \(m + k\) bits. On the other hand, all prior constructions have share size that scales linearly with the number of parties n, and the prior state-of-the-art scheme due to Cevallos et al. (EUROCRYPT ’12) achieves \(m + \widetilde{O}(k + n)\).

In this work, we construct the first robust secret sharing scheme in the maximal corruption setting with \(n=2t+1\) that avoids the linear dependence between share size and the number of parties n. In particular, we get a share size of only \(m + \widetilde{O}(k)\) bits. Our scheme is computationally efficient and relies on approximation algorithms for the minimum graph bisection problem.
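For contrast with the \(m + \widetilde{O}(k)\) share size above, here is an added example (not code from the paper) of the classical pairwise-MAC route to robustness at \(n = 2t+1\), in the style of Rabin and Ben-Or [RB89]: every share is authenticated under every party's one-time key, so per-party overhead grows linearly with n. The field modulus `P`, the function names and the dictionary layout are assumptions of this example.

```python
import secrets

P = 2**61 - 1  # prime field (assumption); one-time MAC forgery chance is 1/P per key

def lagrange_at_zero(points):
    """Value at x=0 of the unique polynomial through points {x: y} over GF(P)."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def deal(secret, t):
    """Shamir-share `secret` among n = 2t+1 parties; MAC each share under every party's key."""
    ids = range(1, 2 * t + 2)
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]
    # key[j][i]: party j's one-time key (a, b) for checking party i's share
    key = {j: {i: (secrets.randbelow(P), secrets.randbelow(P)) for i in ids} for j in ids}
    state = {}
    for i in ids:
        s = sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P
        tags = {j: (key[j][i][0] * s + key[j][i][1]) % P for j in ids}
        state[i] = {"share": s, "keys": key[i], "tags": tags}
    return state

def reconstruct(state, t):
    """Accept a share only if >= t+1 parties' keys verify its tags, then interpolate."""
    accepted = {}
    for i, st in state.items():
        votes = 0
        for j, verifier in state.items():
            a, b = verifier["keys"][i]
            votes += (a * st["share"] + b) % P == st["tags"][j]
        if votes >= t + 1:
            accepted[i] = st["share"]
    if len(accepted) < t + 1:
        raise ValueError("fewer than t+1 authenticated shares")
    return lagrange_at_zero(dict(list(accepted.items())[: t + 1]))

def overhead(state):
    """Field elements one party stores beyond its share: 2 per key plus 1 per tag."""
    st = next(iter(state.values()))
    return 2 * len(st["keys"]) + len(st["tags"])
```

When t parties submit altered shares, keys and tags, the t+1 honest keys still outvote them, and a forged share is accepted with probability at most about (t+1)/P.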



Daniel Wichs: Research supported by NSF grants CNS-1347350, CNS-1314722, CNS-1413964.

Valerio Pastro and Daniel Wichs: This work was done in part while the authors were visiting the Simons Institute for the Theory of Computing, supported by the Simons Foundation and by the DIMACS/Simons Collaboration in Cryptography through NSF grant CNS-1523467.


  1. [Bla79]
    Blakley, G.R.: Safeguarding cryptographic keys. In: International Workshop on Managing Requirements Knowledge, pp. 313–317. IEEE Computer Society (1979)
  2. [BPRW15]
    Bishop, A., Pastro, V., Rajaraman, R., Wichs, D.: Essentially optimal robust secret sharing with maximal corruptions. IACR Cryptology ePrint Archive, 2015:1032 (2015)
  3. [BS97]
    Blundo, C., De Santis, A.: Lower bounds for robust secret sharing schemes. Inf. Process. Lett. 63(6), 317–321 (1997)
  4. [CDD+15]
    Cramer, R., Damgård, I.B., Döttling, N., Fehr, S., Spini, G.: Linear secret sharing schemes from error correcting codes and universal hash functions. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 313–336. Springer, Heidelberg (2015)
  5. [CDF01]
    Cramer, R., Damgård, I.B., Fehr, S.: On the cost of reconstructing a secret, or VSS with optimal reconstruction phase. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 503–523. Springer, Heidelberg (2001)
  6. [CDF+08]
    Cramer, R., Dodis, Y., Fehr, S., Padró, C., Wichs, D.: Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 471–488. Springer, Heidelberg (2008)
  7. [Cev11]
    Cevallos, A.: Reducing the share size in robust secret sharing (2011).
  8. [CFOR12]
    Cevallos, A., Fehr, S., Ostrovsky, R., Rabani, Y.: Unconditionally-secure robust secret sharing with compact shares. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 195–208. Springer, Heidelberg (2012)
  9. [Che15]
    Cheraghchi, M.: Nearly optimal robust secret sharing. IACR Cryptology ePrint Archive, 2015:951 (2015)
  10. [CSV93]
    Carpentieri, M., De Santis, A., Vaccaro, U.: Size of shares and probability of cheating in threshold schemes. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 118–125. Springer, Heidelberg (1994)
  11. [FK02]
    Feige, U., Krauthgamer, R.: A polylogarithmic approximation of the minimum bisection. SIAM J. Comput. 31(4), 1090–1118 (2002)
  12. [GJS76]
    Garey, M.R., Johnson, D.S., Stockmeyer, L.J.: Some simplified NP-complete graph problems. Theor. Comput. Sci. 1(3), 237–267 (1976)
  13. [JS13]
    Jhanwar, M.P., Safavi-Naini, R.: Unconditionally-secure robust secret sharing with minimum share size. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 96–110. Springer, Heidelberg (2013)
  14. [LP14]
    Lewko, A.B., Pastro, V.: Robust secret sharing schemes against local adversaries. IACR Cryptology ePrint Archive, 2014:909 (2014)
  15. [Räc08]
    Räcke, H.: Optimal hierarchical decompositions for congestion minimization in networks. In: Dwork, C. (ed.) Proceedings of the 40th Annual ACM Symposium on Theory of Computing, Victoria, British Columbia, Canada, 17–20 May 2008, pp. 255–264. ACM (2008)
  16. [RB89]
    Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In: Johnson, D.S. (ed.) Proceedings of the 21st Annual ACM Symposium on Theory of Computing, Seattle, Washington, USA, 14–17 May 1989, pp. 73–85. ACM (1989)
  17. [Sha79]
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
  18. [Sud97]
    Sudan, M.: Decoding of Reed Solomon codes beyond the error-correction bound. J. Complex. 13(1), 180–193 (1997)

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. Columbia University, New York City, USA
  2. Northeastern University, Boston, USA
